Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

a.zip

windows10-1703-x64

10

Resubmissions

17/09/2023, 21:42

230917-1kqywsfc99 10

09/09/2023, 02:55

230909-denv1sha92 10

06/09/2023, 17:13

230906-vrxr5aaa71 10

13/08/2023, 17:31

230813-v3xlhafe8v 10

27/06/2023, 12:47

230627-p1fx3sfa4w 10

13/06/2023, 16:07

230613-tklwlsgh96 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a.zip

  • Size

    832B

  • Sample

    230813-v3xlhafe8v

  • MD5

    10e578867faad166dc6a8f3868cef2f4

  • SHA1

    f541fab60d482834e90638c5aebdefe3d997174e

  • SHA256

    6fe03f61ee89f37688356f14ee8dc2d0c001e0d43281fad29386270a9c71c92c

  • SHA512

    38389b61e71eed9a9587900f60d59c145d070d0e02602f473c284befcd4898b1191f1982e71463c9cbe17ea36f4ec6c17d665f072e730981eae00fd805863114

Score
10/10
redlineremcosvidar6ba937c4f557f3e5e256c94548f72a29logsdiller cloud (telegram: @logsdillabot)remotehostinfostealerratstealer

Malware Config

Extracted

Family

vidar

Version

5.1

Botnet

6ba937c4f557f3e5e256c94548f72a29

C2

https://t.me/tatlimark

https://steamcommunity.com/profiles/76561199536605936
Attributes
  • profile_id_v2

    6ba937c4f557f3e5e256c94548f72a29

Extracted

Family

remcos

Botnet

RemoteHost

C2

192.210.255.48:2404

Attributes
  • audio_folder

    MicRecords

  • audio_record_time

    5

  • connect_delay

    0

  • connect_interval

    1

  • copy_file

    remcos.exe

  • copy_folder

    Remcos

  • delete_file

    false

  • hide_file

    false

  • hide_keylog_file

    false

  • install_flag

    false

  • keylog_crypt

    false

  • keylog_file

    logs.dat

  • keylog_flag

    false

  • keylog_folder

    remcos

  • mouse_option

    false

  • mutex

    Rmc-55NWGD

  • screenshot_crypt

    false

  • screenshot_flag

    false

  • screenshot_folder

    Screenshots

  • screenshot_path

    %AppData%

  • screenshot_time

    10

  • take_screenshot_option

    false

  • take_screenshot_time

    5

Extracted

Family

redline

Botnet

LogsDiller Cloud (Telegram: @logsdillabot)

C2

51.83.170.21:19447

Attributes
  • auth_value

    c2955ed3813a798683a185a82e949f88

Targets

    • Target

      a.zip

    • Size

      832B

    • MD5

      10e578867faad166dc6a8f3868cef2f4

    • SHA1

      f541fab60d482834e90638c5aebdefe3d997174e

    • SHA256

      6fe03f61ee89f37688356f14ee8dc2d0c001e0d43281fad29386270a9c71c92c

    • SHA512

      38389b61e71eed9a9587900f60d59c145d070d0e02602f473c284befcd4898b1191f1982e71463c9cbe17ea36f4ec6c17d665f072e730981eae00fd805863114

    Score
    10/10
    redlineremcosvidar6ba937c4f557f3e5e256c94548f72a29logsdiller cloud (telegram: @logsdillabot)remotehostinfostealerratstealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

      stealervidar

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers

    • Nirsoft

    • Downloads MZ/PE file

    • Executes dropped EXE

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks